Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#4419 - Deny precede Allow rule!
Hello,
I was trying to create a two security groups and limit the access to the certain module for the second one but allow on the first one. The problem is they were suppose to share let's say Leads without restrictions but one should not be accessing Notes and the other should?
How can I accomplish this using Security Suite rules? I have tried all that I could think of including not inheritable option, setting primary group. It seems that when you add second group regardless of what were the settings of the first group, the rules in Roles of the first group are precede by that second group.
If we can set that Deny always precede Allow rule regardless of how many groups one user is a member of, that could be great for accomplishing this scenario.
Looking forward to your reply.
Best Regards,
Slaven.
-
"Couldn't do without it. Highly recommended and I guarantee that you will not find another alternative."
Read More Reviews
- Most Recent Love from Users
kacsoristvan- damien8105
- anri
- Administrador
- Stefano1
- einkauf2
4 years ago
Hi Slaven,
What it sounds like you might need in this case is the Strict Rights option: https://www.sugaroutfitters.com/docs/securitysuite/options.
This will mean that the roles from the group assigned to a record will take precedence. You may also want to consider turning off the Additive Rights setting if you want the most restrictive rights to take precedence, but that doesn't sound like that is wanted, in general.
4 years ago
Thank you very much, that does it. Turning off additive right and enabling strict is just what I need in this case.
Best Regards,
Slaven.
4 years ago
One more update, it really did help, but messed up all other relationships in between our documents upload and users who can access them. Is it possible that we can turn on strict rules per group that we need?
Thank you.
4 years ago
Maybe I should explained what is the problem with strict rights more detailed...when we upload document using External tool there is a special group that has rights for that External tool account with allow on all rules on Accounts and Notes module. With Additive rules we can search through Accounts, with strict one we can't.